The United States government has lifted export controls on Anthropic’s frontier cybersecurity AI model, Fable 5, ending a roughly three-week shutdown that had blocked foreign nationals from accessing the tool. Anthropic confirmed the restoration of access on Tuesday, saying the change followed a series of agreements with the government.

The episode marked the first known instance of export control authorities being used to restrict AI software rather than chips or physical hardware. How the situation was resolved may shape the regulatory framework for frontier AI models going forward.

What Triggered the Controls

According to Anthropic, the initial shutdown was prompted by a jailbreak technique described in an Amazon research report. The company asked Luta Security founder Katie Moussouris to assess the paper. Moussouris found that researchers had fed Fable 5 open-source code containing known vulnerabilities and deliberately planted flaws, then prompted the model to fix the code. The output was manually assembled, across multiple steps, into scripts that test patches.

Moussouris characterized this as defensive security work rather than a guardrail bypass, writing that it represented the find-fix-test loop that security defenders run daily. She concluded the underlying capability cannot be removed without degrading the model’s usefulness for legitimate security work.

Anthropic’s own subsequent testing found the same technique worked against other frontier models, including GPT-5.5 from OpenAI and the Chinese model Kimi K2.7. Neither faced comparable export restrictions. The company said the technique exposed no capability unique to its models.

Conditions for Restored Access

As part of the negotiated resolution, Anthropic trained a new safety classifier that blocks the specific technique in more than 99 percent of cases. Researchers from the Commerce Department’s Center for AI Standards and Innovation tested both the original and updated safeguards and endorsed the result.

Additional commitments from Anthropic include:

  • Expanded pre-release access for government evaluators before broad model releases
  • Rapid disclosure of significant jailbreaks
  • Dedicated staff and compute for joint government-industry research
  • Participation in a shared voluntary security standard across frontier model providers
  • A HackerOne bug bounty program for cyber jailbreak submissions

Export controls on Anthropic’s more powerful model, Mythos 5, were also fully lifted as of June 30, though access to that model remains restricted to vetted US organizations through Project Glasswing, Anthropic’s controlled-access program for critical infrastructure defenders.

Industry Pushback and Political Context

More than 100 cybersecurity professionals signed an open letter organized by former Facebook security chief Alex Stamos, addressed to Commerce Secretary Howard Lutnick and National Cyber Director Sean Cairncross. The letter warned that restricting access to advanced defensive AI while adversaries continue to advance was counterproductive. Signatories included executives from Nvidia, Adobe, Zoom, Google, and Sophos.

The controls arrived amid broader tensions between Anthropic and the Trump administration. Defense Secretary Pete Hegseth had previously designated Anthropic a supply chain risk following the breakdown of contract negotiations over military use of its Claude model. Reports indicated that Anthropic co-founder Tom Brown took over negotiations with the administration after CEO Dario Amodei became a political target, and that the letter formally lifting the ban was addressed to Brown rather than Amodei.

Anthropic, together with Glasswing partners including Amazon, Microsoft, and Google, is now drafting an industry framework to score jailbreak severity across four criteria: capability gain over existing tools, breadth of tasks affected, ease of weaponization, and discoverability.

The Five Eyes intelligence alliance separately warned this week that frontier AI models are set to fundamentally transform both offensive and defensive cybersecurity capabilities, with the timeline measured in months rather than years.